DtSR Episode 253 - Defending the Small-to-Medium Enterprise
Published 8 years, 8 months ago
Description
On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.
- Blue Cross Blue Shield of Alabama sends out USB sticks
  - Security elitists up in arms
  - We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content?
  - To my fellow security professionals - it's reckless to continue to stand with a firm "no" while offering no alternatives
  - So what do we suggest?
  - More important - what threat model vector are we saying that blocking the sending out of USB sticks would defend against?
  - https://www.theregister.co.uk/2017/07/12/blue_cross_usb_card_mailers/
- MySpace has a major account password reset flaw, allowing account take-over
  - Wait ... MySpace is still around?
  - But seriously, to exploit this last-ditch feature for those who've forgotten everything else, all you need is the listed name, date of birth, and username
  - How many of our sites have this problem, or worse?
  - https://www.wired.com/story/myspace-security-account-takeover/
This week we bring Shon Gerber onto the show to talk about defending the SMB and SME. Here are some of our talking points:
- SMBs/SMEs are uniquely challenged in that they can't afford good security any more than they can afford a lack of security -- what's the answer?
- How do we achieve scale in an area of industry with razor-thin margins and tiny profit margins?
- SMBs/SMEs are more likely to be catastrophically affected by an attack such as ransomware than big companies -- agree or disagree (#DtSR on twitter to talk back)
- Other challenges - including how to achieve scale
Guest:
- Shon Gerber
- Current
- CISO for multinational chemical company with approximately 10K employees
- Recent Past
- Security Operations Supervi
- Current
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast